<?php
/*
 * Created on Sep 13, 2010
 *
 * To change the template for this generated file go to
 * Window - Preferences - PHPeclipse - PHP - Code Templates
 */
 
include_once("./configure/configure.php");		//--> global var
include_once("Smarty.class.php");				//--> out template
include_once("Common.php");
include_once("UploadFiles.php");				//--> UploadFiles
include_once("customerSession.inc.php");
include_once ("Session.php");					//-- Session
include_once ("Password.php");					//-- Password

include_once("Strings.php");					//--> String utils

include_once("orders/Cart.php");					//--> Cart
include_once("orders/CartProduct.php");				//--> Cart
include_once("orders/CartProductAttribute.php");	//--> Cart

require_once('includeHttps.php');

// Helper objects used further down this page.
$common      = new Common();
$objPassword = new Password();
$objSession  = new Session(DB_TAG_SYSTEM, SESSION_TABLE_NAME);	// built from the system DB tag and the session table name
$objCart     = new Cart();		// starts empty; the session-stored cart is restored further down
$objStrings  = new Strings();
$isLogin     = false;

/*----- access gate: only visitors with an existing session get past here -----*/
if (!$objSession->exist()) {
	// No session: redirect to the login page and stop, so nothing below runs.
	header('Location: ' . HOME_URL . '/login.php');
	exit;
}

// Session exists: remember that and take the customer id from it.
$isLogin    = true;
$customerid = $objSession->getUserID();

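// Restore the cart kept in the session, if any.
// !empty() also covers the "no cart key yet" case, which previously raised an undefined-index notice.
if (!empty($_SESSION['cart'])) {
	// NOTE(review): unserialize() rebuilds whatever object types the stored string names, so this is
	// only safe while the session store cannot be written by the client. On PHP 7+ consider passing
	// the allowed_classes option limited to the cart classes, or storing the cart as JSON instead.
	$restoredCart = unserialize($_SESSION['cart']);

	// Keep the empty Cart created earlier when the stored value is corrupt or is not a Cart;
	// unserialize() returns false on failure and the template expects an object.
	if ($restoredCart instanceof Cart) {
		$objCart = $restoredCart;
	}
}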

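/*----- change password -----*/
// Form fields and the message handed to the template. All four are initialised here so that a
// plain GET (no form submitted) never reads an undefined variable further down.
$password_new			= '';
$password_confirmation	= '';
$password 				= '';
$error_message			= '';

if(isset($_POST['password_current'])){
	// Accept plain strings only: a request such as "password_new[]=x" arrives as an array and
	// would otherwise reach the comparisons and the hashing helper below.
	$password 				= is_string($_POST['password_current']) ? $_POST['password_current'] : '';
	$password_new 			= (isset($_POST['password_new']) && is_string($_POST['password_new']))
								? $_POST['password_new'] : '';
	$password_confirmation 	= (isset($_POST['password_confirmation']) && is_string($_POST['password_confirmation']))
								? $_POST['password_confirmation'] : '';

	// The id is interpolated into SQL below, so force it to an integer first. It comes from the
	// session object rather than the request, but the cast keeps both statements injection-safe
	// whatever getUserID() returns.
	$customerKey = (int) $customerid;

	if($password === '') {
		$error_message = "Password is required.";	//-- current password was empty
	} else if($password_new === '') {
		$error_message = "new password is required.";	//-- new password was empty
	} else if($password_new !== $password_confirmation) {
		// Strict comparison: with != two different numeric-looking strings ("1e3" and "1000")
		// compare equal, so a mistyped confirmation could slip through.
		$error_message = "The Password Confirmation must match your new Password.";
	} else {
		// Only hit the database once the cheap checks have passed.
		$sql 		= "SELECT id, password FROM customers WHERE id = $customerKey";
		$hmCustomer	= $common->getHash(DB_TAG_SYSTEM, $sql);

		// Fail closed: a missing row must count as a mismatch instead of passing an undefined
		// value to validate(). Presumably getHash() maps id => stored password; verify against Common.
		if (!isset($hmCustomer[$customerKey])
				|| !($objPassword->validate($password, $hmCustomer[$customerKey]))) {
			$error_message = 'Your Current Password did not match the password in our records. Please try again.';
		}
	}

	if($error_message === ''){
		// NOTE(review): the variable name suggests Password::encrypt() yields an MD5 digest; confirm.
		// A fast, unsalted hash is not suitable for stored passwords; password_hash() and
		// password_verify() are the usual replacement.
		$passwordmd5= $objPassword->encrypt($password_new);

		// NOTE(review): $passwordmd5 is placed inside a quoted SQL literal. That is safe only while
		// encrypt() returns quote-free text (hex, base64); prefer a bound parameter if the DB layer
		// behind Common offers one.
		$sql 		= "UPDATE customers SET modifiedTime = UTC_TIMESTAMP(), password = '$passwordmd5' WHERE id = $customerKey";
		$isSuccess 	= $common->update(DB_TAG_SYSTEM, $sql);

		if($isSuccess){
			// NOTE(review): nothing here rotates the session id or ends the customer's other
			// sessions, so a session opened with the old password stays valid after the change.
			$location = HOME_URL . '/myaccount.php';

			header("Location: $location");
			exit;
		}else{
			$error_message = 'change failure.';
		}
	}

}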

include_once("includeCategory.php");	//--> include category
include_once("includeSpec.php");		//--> include spec

/*----- render the page through Smarty -----*/
$smarty = new Smarty();

// Template, compile and cache directories come from constants defined outside this file.
$smarty->template_dir 	= TEMPLATE_DIR;
$smarty->compile_dir  	= COMPILE_DIR;
$smarty->cache_dir  	= CACHE_DIR;

// Caching, debugging and forced recompilation are all switched off; the lifetime is set regardless.
$smarty->caching 		= false;
$smarty->cache_lifetime = 120;
$smarty->debugging 		= false;
$smarty->force_compile 	= false;

// Everything the template reads, assigned in one pass.
// HOME_URL_HTTP is given the same value as HOME_URL.
$templateVars = array(
	'error_message'	=> $error_message,
	'HOME_URL'		=> HOME_URL,
	'HOME_URL_HTTP'	=> HOME_URL,
	'categorys'		=> $categorys,
	'topCategory'	=> $topCategory,
	'specProducts'	=> $specProducts,
	'objCart'		=> $objCart,
	'objStrings'	=> $objStrings,
	'isLogin'		=> $isLogin,
);

foreach ($templateVars as $varName => $varValue) {
	$smarty->assign($varName, $varValue);
}

$smarty->display('changePassword.html');
?>
